Google’s numerous services and products, have always been the target of the world’s media for an alleged lack of security and overall privacy. Fortunately, there are many experts working together with Google or most major companies looking for backdoors and other types of exploits to inform and help the company fix them in a quick manner, in order to avoid any potential harm and give their numerous users a better and safer overall experience. Today, a firm of well-intentioned hackers have found a completely new exploit in a rather unusual product to be the target of a cyber attack. Pen Test Partners, a partnership of high-end penetration testers, found a vulnerability in a Samsung smart fridge that gives attackers, a virtually unrestricted access to the users Gmail credentials.
Although this newly found exploit might sound a bit unusual, as it is not a common occurrence to hear that your refrigerator might be the target of a cyber criminal attack, but this doesn’t relieve any of the severity of the issue at all. If a cyber criminal is able to easily access your Gmail credentials, it would create a huge issue, as it would mean that said attacker will have no problem stealing data from your Google account. The newly discovered exploit by Pen Test Partners in Samsung’s whole lineup of smart fridges, is normally called a man-in-the-middle vulnerability; this type of criminal act consists in data being intercepted by a hacker in the middle of the process of going between a server and the device, which in this case is a smart refrigerator.
Samsung’s RF28HMELBSR fridge is the model in which the exploit was discovered, as it gives user a nifty little feature to display their own Google Calendar on the fridge’s screen. Samsung was certain that their Secure Sockets Layer (SSL) was a smart option to protect the user’s data and credentials, it leaves the home appliance vulnerable to an attack after the fridge fails to validate the certificates that are embedded in the SSL protocol. Ken Munro, one of Pen Test partners, noted that “While SSL is in place, the fridge fails to validate the certificate. Hence, hackers who manage to access the network that the fridge is on…can Man-In-The-Middle the fridge calendar client and steal Google login credentials from their neighbors” Hopefully Samsung or Google will quickly release a fix for this rather serious exploit, as even if there are still not a lot smart fridge users, having their credentials vulnerable is a serious issue.